The Register® — Biting the hand that feeds IT

Feeds

DigiNotar hacker says he stole huge GlobalSign cache

An internet user with proven ties to the DigiNotar hack claims he stole email, customer data and other sensitive data from two competing web authentication authority that will be released publicly soon. In a statement posted Thursday, an individual calling himself Comodohacker expanded on previous claims that he breached the …

This topic is closed for new posts.
Joe Montana
Mushroom

Startcom

Startcom's website admitted a breach a few months ago, and their service was offline for some time as a result... Perhaps this was the same attack?

Anonymous Coward
FAIL

Yes, of COURSE it must have been...

... sponsored by the Iranian government, then the CAs can say "We were not breached by one person with too much time on their hands because we are incompetent; we are under attack from a hostile, state under sanctions from the UN!!1!1!oneone... Send in the bombers!"

Tomato42
Devil
Reply Icon

state sponsored

It's state sponsored in the same way the comodo breaches were: the IP provided by Comodo was involved with the breaches. Thing is, its user used a video how to site to learn about MITM and downloaded sslsniff from Moxie Marlinspike website leaving a HTTP referrer...

Remember, to a CEO, any computer user that knows WinKey+R opens Run dialog and "cmd" is the shell executable is "sophisticated".

Whole CA business is a security theater, now we finally see that the gold is painted and mahogany is made from pine wood.

Destroy All Monsters
Facepalm

Another false flag operation, more like.

> "a totally a state-sponsored attack on the PK infrastructure"

> guy turns up, bragging about the exploits

retard.jpg

Tomato42
Trollface
Reply Icon

Public education

The guy was taught in public school, the school is sponsored by Iranian government, ergo the attack was sponsored by Iranian government. QED.

Robert Carnegie

I think you mean,

"claims Microsoft made Monday that fraudulently issued certificates for domains including *.microsoft.com and *.windowsupdate.com could *NOT* be used to hijack Microsoft's security update system."

And I think Microsoft is right in that the certificate isn't enough, you also have to bend DNS or bend the network to make PCs communicate with your evil server instead of the real one.

And I think it's still illegal to supply Microsoft Windows or other American software to Iran anyway, which logically would also include Windows updates. I've been expecting that that'd be the next law case against Linux, whose licence doesn't include that rule.

Ru
Facepalm
Reply Icon

"I've been expecting that that'd be the next law case against Linux"

Lawsuit against whom? What makes so many people feel that 'Linux' is some kind of legal entity?

Ken Hagan
Reply Icon

Re: Microsoft is right

If we believe Microsoft's claim that updates have to be signed by the Microsoft root CA, then even persuading clients to talk to your fraudulent server wouldn't be enough to hijack Windows Update.

And this is a *very* plausible claim. In fact, I'd be quite shocked if it weren't true.

Phil from Raleigh
IT Angle

on state sponsored

Remember, to a CEO, any computer user that knows WinKey+R opens Run dialog and "cmd" is the shell executable is "sophisticated".

***

Really priceless quote.

PKI has been hamstrung by the "good enough" approach long enough, as have been most parts of the Internet infrastructure. The mere mention of "you also have to bend DNS" immediately brought to mind the cache poisoning exploit discovered 3 years ago. In that case the most troubling quote I saw was from Kaminsky himself, when he said, "this is how the Internet works."

This topic is closed for new posts.